Two of the world’s leading airlines, American Airlines and Southwest Airlines, recently reported data breaches caused by a cyber attack on Pilot Credentials. This third-party service provider handles the pilot applications and recruitment portals for numerous airlines.
The data breach, which was initially reported to the airlines on May 3, was exclusive to the systems of Pilot Credentials, and there was no intrusion or harm to the systems or networks of either airline. The unauthorized breach into Pilot Credentials’ systems occurred on April 30, leading to the theft of documents containing information provided by some pilot and cadet applicants.
As per the breach notifications filed with the Office of the Attorney General in Maine, American Airlines reported that the data breach affected 5,745 pilots and applicants, while Southwest Airlines reported 3,009 impacted individuals.
The compromised data included personal information like names, social security numbers, driver’s license numbers, passport numbers, dates of birth, airman certificate numbers, and other government-issued identification numbers. Despite the breach, no proof has been discovered suggesting that the pilots’ personal information was specifically targeted or misused for fraudulent activities or identity theft.
In the wake of these events, both airlines have taken the step of directing all pilot and cadet applicants to internal portals managed by the airlines themselves. As part of this shift, Southwest Airlines stated, “We are no longer utilizing the vendor, and, moving forward, pilot applicants are being directed to an internal portal managed by Southwest.”
Furthermore, both American Airlines and Southwest Airlines have reported the data breaches to relevant law enforcement authorities and are collaborating fully with the ongoing investigations.
It’s worth noting that this is not the first time American Airlines has experienced a data breach. In September 2022, the airline reported another data breach affecting more than 1,708 customers and team members following a phishing attack in July 2022, which led to the compromise of several employee email accounts. This breach exposed personal information, including names, birth dates, contact details, driver’s license numbers, passport numbers, and certain medical information.
In another instance, American Airlines faced a data breach in March 2021, following the disclosure by global air information technology leader, SITA, that its servers had been compromised. The hackers were able to access the Passenger Service System (PSS) used by several airlines globally.
American Airlines is the largest airline globally in terms of fleet size, boasting over 1,300 mainline aircraft. It operates nearly 6,700 flights daily to approximately 350 destinations across more than 50 countries and employs more than 120,000 people. On the other hand, Southwest Airlines is the world’s largest low-cost carrier, employing almost 70,000 people and serving over 121 airports across 11 countries.